Things You Didn’t Know You Could do with Nmap

For those who have been in information security for a while, nmap is like a warm and familiar blanket. Except this blanket kicks ass. It is―without question―the most versatile portscanner ever.

A lot of people know that.

Read my masscan tutorial.

What fewer people know, however, is that with its NSE scripting functionality nmap can do things you wouldn’t expect from a portscanner. There are faster scanners, but there’s nothing as versatile and indispensable.

Let’s look at 10 things you can do with Nmap that might surprise you.

Nmap NSE

Typical NSE Output

First, what are NSE scripts?

NSE stands for Nmap Scripting Engine, and they basically allow you (yes, you) to write and share additional functionality that can be bolted onto the scanner we all love.

NSE somewhat blurs the line between portscanner and vulnerability scanner.

So in addition to checking for open ports, learning more about the service running on it, etc.―you can also further interact with it, e.g., see if it’s configured correctly, see what information is available, see if it’s using weak credentials, etc.

It basically turns Nmap into a platform for interacting with network services.

Nmap NSE Examples

There are currently 598 NSE scripts, which you can find under the scripts directory in your nmap path.

ssl-enum-ciphers (web): Gets the TLS ciphers used by the target site.
http-wordpress-enum (web): Looks at a WordPress site and tells you what plugins and themes it’s running.

Each of these has better standalone alternatives, but sometimes it’s better to get good-enough data from a common tool like Nmap.

asn-query (network): Finds GEO, ASN, and organization information for the target you specify.
http-enum (web): Looks at the web server software, robots.txt, and does some basic “interesting content” crawling―kind of like nikto.
http-headers (web): Shows you all the headers being sent by a given web server.
More scripts

There are tons of scripts for tons of common protocols.

SMB
HTTP
DNS
MySQL
Summary

Nmap may not be the fastest portscanner, but it’s the most versatile. With its NSE functionality, the lines are blurred between portscanner and vuln scanner. The next time you have something common you want to do with a service, check to see if there’s an NSE script available. Let Nmap do the work for you.
